BT Home Hubs are wide open

BT IS investigating claims that its most popular home router is so wide open that it enables buffalo to roam and is a place where the deer and the antelope play.

According to creative hacker outfit GNUcitizen.org, the BT Home Hub, which is a fancy name for the Thomson/Alcatel Speedtouch 7G router, can be safely nicknamed Kansas because you can slip a herd of dodgy doggies over its borders and no one will notice. [What are you blithering on about Nick?- News Ed.]

Apparently it is a doddle to take over the router remotely. At the moment there are three demo exploits out there. The first enables a backdoor in order to control the router remotely. Another disables the wireless so that it can only be re-enabled if the user is technically capable and the last steals the WEP/WPA key.

All it takes is for the victim to visit a malicious website and the router can be possessed without the hacker needing to know the admin password.

One of the GNUcitizen.org teams said that problems included an authentication bypass, a system-wide CSRF, several persistent XSS, and several non-persistent XSS. Yep, there were so many acronym problems that it was bound to get confused sooner or later.

GNUCitizen has tipped off BT, who is so worried about the problems they are planning to push a hardware upgrade out soon. A British solution might involve some form of enclosure we would have thought. µ